Merge pull request #135 from nasa/dev
Dev Merge into Main
rjbrown2 committed Nov 9, 2022
2 parents a259545 + 0893c89 commit 72f4ff5
Showing 26 changed files with 7,783 additions and 391 deletions.
16 changes: 15 additions & 1 deletion include/crypto.h
Expand Up @@ -47,6 +47,11 @@
#define CRYPTO_LIB_REVISION 3
#define CRYPTO_LIB_MISSION_REV 0

/*
** TC_BLOCK_SIZE
*/
#define TC_BLOCK_SIZE 16

/*
** User Prototypes
*/
Expand All @@ -65,6 +70,7 @@ extern int32_t Crypto_Config_Kmc_Crypto_Service(char* protocol, char* kmc_crypto
uint8_t kmc_ignore_ssl_hostname_validation, char* mtls_client_cert_path,
char* mtls_client_cert_type, char* mtls_client_key_path,
char* mtls_client_key_pass, char* mtls_issuer_cert);
extern int32_t Crypto_Config_Cam(uint8_t cam_enabled, char* cookie_file_path, char* keytab_file_path, uint8_t login_method, char* access_manager_uri, char* username, char* cam_home);
extern int32_t Crypto_Config_Add_Gvcid_Managed_Parameter(uint8_t tfvn, uint16_t scid, uint8_t vcid, uint8_t has_fecf,
uint8_t has_segmentation_hdr, uint16_t max_tc_frame_size);

Expand All @@ -83,13 +89,19 @@ extern int32_t Crypto_Shutdown(void); // Free all allocated memory
extern int32_t Crypto_TC_ApplySecurity(const uint8_t* p_in_frame, const uint16_t in_frame_length,
uint8_t** pp_enc_frame, uint16_t* p_enc_frame_len);
extern int32_t Crypto_TC_ProcessSecurity(uint8_t* ingest, int *len_ingest, TC_t* tc_sdls_processed_frame);
extern int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in_frame_length,
uint8_t** pp_enc_frame, uint16_t* p_enc_frame_len, char* cam_cookies);
extern int32_t Crypto_TC_ProcessSecurity_Cam(uint8_t* ingest, int *len_ingest, TC_t* tc_sdls_processed_frame, char* cam_cookies);
// Telemetry (TM)
extern int32_t Crypto_TM_ApplySecurity(uint8_t* ingest, int *len_ingest);
extern int32_t Crypto_TM_ProcessSecurity(uint8_t* ingest, int *len_ingest);
// Advanced Orbiting Systems (AOS)
extern int32_t Crypto_AOS_ApplySecurity(uint8_t* ingest, int *len_ingest);
extern int32_t Crypto_AOS_ProcessSecurity(uint8_t* ingest, int *len_ingest);

// Crypo Error Support Functions
extern char* Crypto_Get_Error_Code_Enum_String(int32_t crypto_error_code);

/*
** Internal Prototypes
*/
Expand Down Expand Up @@ -153,7 +165,8 @@ int32_t crypto_config_add_gvcid_managed_parameter_recursion(uint8_t tfvn, uint16
GvcidManagedParameters_t* managed_parameter);
void Crypto_Free_Managed_Parameters(GvcidManagedParameters_t* managed_parameters);


// Project-wide support functions
extern char* crypto_deep_copy_string(char* src_string);

/*
** Extern Global Variables
Expand All @@ -166,6 +179,7 @@ extern TM_t tm_frame;
extern CryptoConfig_t* crypto_config;
extern SadbMariaDBConfig_t* sadb_mariadb_config;
extern CryptographyKmcCryptoServiceConfig_t* cryptography_kmc_crypto_config;
extern CamConfig_t* cam_config;
extern GvcidManagedParameters_t* gvcid_managed_parameters;
extern GvcidManagedParameters_t* current_managed_parameters;
extern SadbRoutine sadb_routine;
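Review bot: The new public prototypes `Crypto_Config_Cam`, `Crypto_TC_ApplySecurity_Cam`, `Crypto_TC_ProcessSecurity_Cam`, `Crypto_Get_Error_Code_Enum_String` and `crypto_deep_copy_string` carry no contract for their pointer parameters, and every string input is a mutable `char*`. Inputs that are only read should be declared `const char*` (e.g. `extern char* crypto_deep_copy_string(const char* src_string);`), and because `Crypto_Get_Error_Code_Enum_String` presumably returns a pointer into the static `crypto_enum_errlist_*` tables declared in crypto_error.h, returning `const char*` there keeps callers from writing into them — confirm against crypto_error.c. `crypto_deep_copy_string` needs a one-line comment above it stating whether the returned copy is heap-allocated, who frees it, and what it returns for a NULL input or an allocation failure, taken from the implementation rather than guessed; the `cam_cookies` parameter on the two `_Cam` entry points needs the same ownership note. The new section comment `// Crypo Error Support Functions` misspells "Crypto".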
5 changes: 4 additions & 1 deletion include/crypto_config.h
Expand Up @@ -54,6 +54,10 @@
#define RESET
#endif


// Max Frame Size
#define TC_MAX_FRAME_SIZE 1024

// Spacecraft Defines
#define SCID 0x0003 // 0xC3D2

Expand Down Expand Up @@ -162,7 +166,6 @@
#define TC_SH_SIZE 8 /* bits */
#define TC_SN_SIZE 2
#define TC_SN_WINDOW 10 /* +/- value */
#define TC_PAD_SIZE 0
#define TC_FRAME_DATA_SIZE 1740 /* bytes */

// CCSDS PUS Defines
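Review bot: `TC_MAX_FRAME_SIZE 1024` is introduced with no unit or origin, and it sits in the same header as `TC_FRAME_DATA_SIZE 1740`, which is larger than the whole-frame bound it would seem to live under; if the new constant is the CCSDS 232.0-B transfer-frame limit then the data-size constant can never be reached, and one of the two is misleading. I would replace the bare `// Max Frame Size` with `// Max TC transfer frame length in bytes; any buffer sized or indexed from a received frame length must be checked against this` and either reconcile `TC_FRAME_DATA_SIZE` or annotate why it exceeds it. `TC_BLOCK_SIZE` was added to crypto.h in this same commit while this frame-size constant lives here; keeping the TC sizing constants in one header would make the relationship between block, data and frame sizes easier to audit.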
31 changes: 30 additions & 1 deletion include/crypto_config_structs.h
Expand Up @@ -89,6 +89,18 @@ typedef enum
SA_INCREMENT_NONTRANSMITTED_IV_TRUE
} SaIncrementNonTransmittedIvPortion;

typedef enum
{
CAM_ENABLED_FALSE,
CAM_ENABLED_TRUE
} CamEnabledBool;

typedef enum
{
CAM_LOGIN_NONE, // Using already populated cam_cookie_file
CAM_LOGIN_KERBEROS, // Using already logged-in Kerberos to generate CAM cookies
CAM_LOGIN_KEYTAB_FILE // using keytab file to login and generate CAM cookies
} CamLoginMethod;
/*
** Used for selecting supported algorithms
*/
Expand All @@ -102,7 +114,8 @@ typedef enum
typedef enum
{
CRYPTO_CIPHER_NONE,
CRYPTO_CIPHER_AES256_GCM
CRYPTO_CIPHER_AES256_GCM,
CRYPTO_CIPHER_AES256_CBC
} EncCipherSuite;

/*
Expand Down Expand Up @@ -180,5 +193,21 @@ typedef struct
} CryptographyKmcCryptoServiceConfig_t;
#define CRYPTOGRAPHY_KMC_CRYPTO_SERVICE_CONFIG_SIZE (sizeof(CryptographyKmcCryptoServiceConfig_t))

/*
** Common Access Manager (CAM) Configuration Block
*/
typedef struct
{
uint8_t cam_enabled;
char* cookie_file_path;
char* keytab_file_path;
char* access_manager_uri;
char* username;
char* cam_home;
uint8_t login_method;

} CamConfig_t;
#define CAM_CONFIG_SIZE (sizeof(CamConfig_t))


#endif
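Review bot: `CamConfig_t` stores `cam_enabled` and `login_method` as bare `uint8_t` although this hunk defines `CamEnabledBool` and `CamLoginMethod` for exactly those values, and none of its `char*` members say who owns the strings or whether `Crypto_Config_Cam` copies them. I would type the two fields as the enums (or at least comment `uint8_t login_method; // CamLoginMethod`) and add `// strings are deep-copied at configuration time and freed by the library` or the caller-owns variant, whichever crypto_config.c actually does. Adding `CRYPTO_CIPHER_AES256_CBC` to `EncCipherSuite` also deserves a comment that CBC is confidentiality-only: unlike `CRYPTO_CIPHER_AES256_GCM` it provides no integrity check, so an SA selecting it must carry a separate ACS, and the decrypt path should report padding and MAC failures through one error rather than distinguishable codes. The blank line between the `CamLoginMethod` enum and the following comment block is missing, breaking the spacing the file uses between every other definition.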
75 changes: 54 additions & 21 deletions include/crypto_error.h
Expand Up @@ -18,12 +18,18 @@
#ifndef _crypto_error_h_
#define _crypto_error_h_

#define SADB_INVALID_SADB_TYPE 201
#define SADB_NULL_SA_USED 202
#define CRYPTO_CONFIGURATION_NOT_COMPLETE 101
#define CRYPTO_MANAGED_PARAM_CONFIGURATION_NOT_COMPLETE 102
#define CRYPTO_MARIADB_CONFIGURATION_NOT_COMPLETE 103
#define MANAGED_PARAMETERS_FOR_GVCID_NOT_FOUND 104
/*
* If error codes are added to this header file, their enum string must be added to the error lists (in crypto_error.c)
* AND logic for returning the enum string must be added to crypto_error.c -- Crypto_Get_Error_Code_Enum_String(int32_t)
*/

#define CRYPTO_CONFIGURATION_NOT_COMPLETE 100
#define CRYPTO_MANAGED_PARAM_CONFIGURATION_NOT_COMPLETE 101
#define CRYPTO_MARIADB_CONFIGURATION_NOT_COMPLETE 102
#define MANAGED_PARAMETERS_FOR_GVCID_NOT_FOUND 103

#define SADB_INVALID_SADB_TYPE 200
#define SADB_NULL_SA_USED 201

#define SADB_MARIADB_CONNECTION_FAILED 300
#define SADB_QUERY_FAILED 301
Expand All @@ -34,21 +40,34 @@
#define CRYPTOGRAPHY_UNSUPPORTED_OPERATION_FOR_KEY_RING 401
#define CRYPTOGRAPHY_LIBRARY_INITIALIZIATION_ERROR 402

#define CRYPTOGRAPHY_KMC_CRYPTO_SERVICE_CONFIGURATION_NOT_COMPLETE 501
#define CRYPTOGRAPHY_KMC_CURL_INITIALIZATION_FAILURE 502
#define CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_CONNECTION_ERROR 503
#define CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_AEAD_ENCRYPT_ERROR 504
#define CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_AEAD_DECRYPT_ERROR 505
#define CRYPTOGRAHPY_KMC_CRYPTO_JSON_PARSE_ERROR 506
#define CRYPTOGRAHPY_KMC_CIPHER_TEXT_NOT_FOUND_IN_JSON_RESPONSE 507
#define CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_GENERIC_FAILURE 508
#define CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_AUTHENTICATION_ERROR 509
#define CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_MAC_VALIDATION_ERROR 510
#define CRYPTOGRAHPY_KMC_ICV_NOT_FOUND_IN_JSON_RESPONSE 511
#define CRYPTOGRAHPY_KMC_NULL_ENCRYPTION_KEY_REFERENCE_IN_SA 512
#define CRYPTOGRAHPY_KMC_NULL_AUTHENTICATION_KEY_REFERENCE_IN_SA 513
#define CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_EMPTY_RESPONSE 514
#define CRYPTOGRAPHY_KMC_CRYPTO_SERVICE_CONFIGURATION_NOT_COMPLETE 500
#define CRYPTOGRAPHY_KMC_CURL_INITIALIZATION_FAILURE 501
#define CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_CONNECTION_ERROR 502
#define CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_AEAD_ENCRYPT_ERROR 503
#define CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_AEAD_DECRYPT_ERROR 504
#define CRYPTOGRAHPY_KMC_CRYPTO_JSON_PARSE_ERROR 505
#define CRYPTOGRAHPY_KMC_CIPHER_TEXT_NOT_FOUND_IN_JSON_RESPONSE 506
#define CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_GENERIC_FAILURE 507
#define CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_AUTHENTICATION_ERROR 508
#define CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_MAC_VALIDATION_ERROR 509
#define CRYPTOGRAHPY_KMC_ICV_NOT_FOUND_IN_JSON_RESPONSE 510
#define CRYPTOGRAHPY_KMC_NULL_ENCRYPTION_KEY_REFERENCE_IN_SA 511
#define CRYPTOGRAHPY_KMC_NULL_AUTHENTICATION_KEY_REFERENCE_IN_SA 512
#define CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_EMPTY_RESPONSE 513
#define CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_DECRYPT_ERROR 514
#define CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_ENCRYPT_ERROR 515

#define CAM_CONFIG_NOT_SUPPORTED_ERROR 600
#define CAM_INVALID_COOKIE_FILE_CONFIGURATION_NULL 601
#define CAM_AUTHENTICATION_FAILURE_REDIRECT 602
#define CAM_AUTHENTICATION_REQUIRED 603
#define CAM_GET_SSO_TOKEN_FAILURE 604
#define CAM_INVALID_CONFIGURATION_ACCESS_MANAGER_URI_NULL 605
#define CAM_INVALID_CONFIGURATION_KEYTAB_FILE_PATH_NULL 606
#define CAM_INVALID_CONFIGURATION_KEYTAB_FILE_USERNAME_NULL 607
#define CAM_KEYTAB_FILE_KINIT_FAILURE 608
#define CAM_KERBEROS_REQUEST_TIME_OUT 609
#define CAM_MAX_AUTH_RETRIES_REACHED 610

#define CRYPTO_LIB_SUCCESS (0)
#define CRYPTO_LIB_ERROR (-1)
Expand Down Expand Up @@ -92,5 +111,19 @@
#define CRYPTO_LIB_ERR_FRAME_COUNTER_DOESNT_MATCH_SA (-39)
#define CRYPTO_LIB_ERR_INPUT_FRAME_TOO_SHORT_FOR_TC_STANDARD (-40)
#define CRYPTO_LIB_ERR_INPUT_FRAME_LENGTH_SHORTER_THAN_FRAME_HEADERS_LENGTH (-41)
#define CRYPTO_LIB_ERR_UNSUPPORTED_ECS_MODE (-42)
#define CRYPTO_LIB_ERR_NULL_MODE_PTR (-43)
#define CRYPTO_LIB_ERR_UNSUPPORTED_MODE (-44)

extern char *crypto_enum_errlist_core[];
extern char *crypto_enum_errlist_config[];
extern char *crypto_enum_errlist_sadb_if[];
extern char *crypto_enum_errlist_sadb_mariadb[];
extern char *crypto_enum_errlist_crypto_if[];
extern char *crypto_enum_errlist_crypto_kmc[];
extern char *crypto_enum_errlist_crypto_cam[];

#define CRYPTO_UNDEFINED_ERROR "CRYPTO_UNDEFINED_ERROR_CODE"


#endif //_crypto_error_h_
#endif //_crypto_error_h_
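Review bot: The error-string tables are exported as `extern char *crypto_enum_errlist_core[];` and siblings, which lets any caller write through the pointers into what are presumably string literals; `extern const char *const crypto_enum_errlist_core[];` expresses the intent, with `Crypto_Get_Error_Code_Enum_String` returning `const char*` to match. The renumbering of existing codes to round bases (`CRYPTO_CONFIGURATION_NOT_COMPLETE` 101→100, `SADB_INVALID_SADB_TYPE` 201→200, the KMC block 501→500) looks like it is done so that code minus base can index these tables; if so, the header should also publish each table's length (a count macro per block, named to match the table) so the lookup in crypto_error.c can bounds-check before indexing, and the renumbering should be called out in the release notes since it changes integer values that callers and stored logs may depend on. The two new KMC codes 514 and 515 copy the existing `CRYPTOGRAHPY_` misspelling, and this commit is a natural point to stop propagating it. The new header comment could also say where the tables live, e.g. `* The crypto_enum_errlist_* tables are defined in crypto_error.c and indexed by (code - block base).` — only if that is how crypto_error.c works.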
22 changes: 16 additions & 6 deletions include/cryptography_interface.h
Expand Up @@ -34,24 +34,33 @@ typedef struct
crypto_key_t* (*get_ek_ring)(void);
int32_t (*cryptography_shutdown)(void);
// Cryptography Interface Functions
int32_t (*cryptography_encrypt)(void);
int32_t (*cryptography_decrypt)(void);
int32_t (*cryptography_encrypt)(uint8_t* data_out, size_t len_data_out,
uint8_t* data_in, size_t len_data_in,
uint8_t* key, uint32_t len_key,
SecurityAssociation_t* sa_ptr,
uint8_t* iv, uint32_t iv_len,uint8_t* ecs, uint8_t padding, char* cam_cookies);
int32_t (*cryptography_decrypt)(uint8_t* data_out, size_t len_data_out,
uint8_t* data_in, size_t len_data_in,
uint8_t* key, uint32_t len_key,
SecurityAssociation_t* sa_ptr,
uint8_t* iv, uint32_t iv_len,
uint8_t* ecs, uint8_t* acs, char* cam_cookies);
int32_t (*cryptography_authenticate)(uint8_t* data_out, size_t len_data_out,
uint8_t* data_in, size_t len_data_in,
uint8_t* key, uint32_t len_key,
SecurityAssociation_t* sa_ptr, // For key index or key references (when key not passed in explicitly via key param)
uint8_t* iv, uint32_t iv_len,
uint8_t* mac, uint32_t mac_size,
uint8_t* aad, uint32_t aad_len,
uint8_t ecs, uint8_t acs);
uint8_t ecs, uint8_t acs, char* cam_cookies);
int32_t (*cryptography_validate_authentication)(uint8_t* data_out, size_t len_data_out,
uint8_t* data_in, size_t len_data_in,
uint8_t* key, uint32_t len_key,
SecurityAssociation_t* sa_ptr,
uint8_t* iv, uint32_t iv_len,
uint8_t* mac, uint32_t mac_size,
uint8_t* aad, uint32_t aad_len,
uint8_t ecs, uint8_t acs);
uint8_t ecs, uint8_t acs, char* cam_cookies);
int32_t (*cryptography_aead_encrypt)(uint8_t* data_out, size_t len_data_out,
uint8_t* data_in, size_t len_data_in,
uint8_t* key, uint32_t len_key,
Expand All @@ -60,7 +69,7 @@ typedef struct
uint8_t* mac, uint32_t mac_size,
uint8_t* aad, uint32_t aad_len,
uint8_t encrypt_bool, uint8_t authenticate_bool,
uint8_t aad_bool, uint8_t* ecs, uint8_t* acs);
uint8_t aad_bool, uint8_t* ecs, uint8_t* acs, char* cam_cookies);
int32_t (*cryptography_aead_decrypt)(uint8_t* data_out, size_t len_data_out,
uint8_t* data_in, size_t len_data_in,
uint8_t* key, uint32_t len_key,
Expand All @@ -69,9 +78,10 @@ typedef struct
uint8_t* aad, uint32_t aad_len,
uint8_t* mac, uint32_t mac_size,
uint8_t decrypt_bool, uint8_t authenticate_bool,
uint8_t aad_bool, uint8_t* ecs, uint8_t* acs);
uint8_t aad_bool, uint8_t* ecs, uint8_t* acs, char* cam_cookies);
int32_t (*cryptography_get_acs_algo)(int8_t algo_enum);
int32_t (*cryptography_get_ecs_algo)(int8_t algo_enum);


} CryptographyInterfaceStruct, *CryptographyInterface;

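Review bot: The new `cryptography_encrypt` signature takes `uint8_t padding` but nothing states whether `len_data_out` must already include it or whether an implementation is required to verify `len_data_out >= len_data_in + padding` before writing; with CBC now a selectable cipher that check is what keeps a block-aligned write from overrunning the caller's buffer, so I would document it in the struct: `// data_out must hold len_data_in rounded up to the cipher block size; implementations verify len_data_out before writing`. The pair is also asymmetric — encrypt receives `uint8_t* ecs` and `padding`, decrypt receives `uint8_t* ecs, uint8_t* acs` and no padding — and `len_data_out`/`len_data_in` are `size_t` while `len_key` and `iv_len` are `uint32_t`; one width and one parameter order across `cryptography_encrypt`, `cryptography_decrypt` and the `aead_*` pair would make the interface easier to implement correctly. The enclosing `CryptographyInterfaceStruct` typedef begins before this hunk.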
2 changes: 1 addition & 1 deletion src/crypto_sadb/sadb_mariadb_sql/create_sadb.sql
Expand Up @@ -34,4 +34,4 @@ CREATE TABLE IF NOT EXISTS security_associations
,arsnw SMALLINT NOT NULL DEFAULT 0 -- ARSNW_SIZE=1
);

create unique index if not exists main_spi on security_associations (spi,scid,vcid,tfvn,mapid);
create unique index if not exists main_spi on security_associations (spi,scid);
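Review bot: Narrowing the unique index to `(spi,scid)` via `create unique index if not exists` has no effect on a database that already holds the old `main_spi` index on `(spi,scid,vcid,tfvn,mapid)`: the name matches, the statement is skipped, and existing deployments silently keep the looser uniqueness rule. If the narrower key is required, the script needs an explicit migration step (drop the old index, then recreate it) or a new index name, plus a comment recording why `vcid`, `tfvn` and `mapid` were dropped from the key, since that decision determines whether one SPI may be shared across virtual channels.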
Expand Up @@ -19,4 +19,4 @@ VALUES (4,'itc/test/key4',3,X'01',1,1,6,12,16,X'000000000000FFFFFFFFFFFC',20,X'0

-- SA 5 - OPERATIONAL; ENC; ARSNW:5; AES-GCM; IV:00...01; IV-len:12; MAC-len:16; Key-ID: 130, SCID 44, VC-0
INSERT INTO security_associations (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw,arsn_len,arsn,tfvn,scid,vcid,mapid,ecs_len,acs_len,acs,shsnf_len)
VALUES (5,'itc/test/key5',3,X'01',0,1,12,12,16,X'000000000000000000000001',36,X'000000000000000000000000000000000000000000000000000000000000000000000000',5,3,X'05FFFC',0,3,3,0,1,1,X'01',2);
VALUES (5,'itc/test/key5',3,X'01',0,1,12,12,16,X'000000000000000000000001',36,X'000000000000000000000000000000000000000000000000000000000000000000000000',5,3,X'05FFFC',0,3,3,0,1,1,X'00',2);
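Review bot: The comment describing SA 5 no longer matches the row it documents: it says `Key-ID: 130, SCID 44` while the row carries `ekid='itc/test/key5'` and `scid=3`, and it says `ENC` while `est` is 0 and `ast` is 1, so the `acs` change from `X'01'` to `X'00'` in this commit cannot be checked against any stated intent. I would rewrite the comment to describe the actual row, e.g. `-- SA 5 - OPERATIONAL; AUTH only (est=0, ast=1); ARSNW:5; ECS AES-GCM, ACS none; IV-len:12; MAC-len:16; key itc/test/key5; SCID 3, VC-0` — provided `est`/`ast` are the encryption/authentication enable flags, which this file does not define. With `ast=1` and `acs=X'00'` it is also worth a comment on whether the MAC for this SA comes from the GCM ECS rather than a separate ACS, because an SA flagged as authenticated with no authentication cipher reads as a misconfiguration.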